Identifying Potential Malicious Attacks, Threats, and Vulnerabilities

1138 Words Feb 18th, 2013 5 Pages
For a better understanding of the situation in the network of the company I decided to start the analysis by the vulnerabilities that this one presents. Many of these vulnerabilities are the cause for different types of network attacks. It should be noted that while many of these vulnerabilities may be mitigated or eliminated the possibility of an attack always exists.
The first vulnerability is the email server. Although very well controlled for been within the Demilitarized Zone (DMZ), this is always a vulnerability with which most companies have to deal with. This vulnerability opens the way for phishing attack. One way to mitigate this vulnerability is configuring the email server so that only authorized email may enter. This is
…show more content…
Let's analyze the various attacks and threats to which our network can be a victim. For a better understanding I'll start from the most external layer of the network.
Phishing or Spear Phishing is an attack that may be carried through the email server. In this attack the hacker creates a fake web site that looks exactly like a popular site or any of ours providers / clients. The purpose of this attack is to collect sensitive information about users or the company. An attack of this type may be little detrimental or devastating, depending on how much and how important is the information collected. If this information provides access to the network to an unauthorized person we could be facing the three types of threats: Denial or Destruction, Alteration and Disclosure. It all depends of the intentions of the attacker.
The WAP can be a victim of multiple attacks. Eavesdropping is one of the most common attacks made against this type of device. Such attack can read and capture all types of packets transmitted through a network. Due to the location of the WAP our main threat would be disclosing of classified information to other sources.
The second most common attack facing us in this segment of the network is Brutal-Force. This attack is based on trying all possible
Open Document